Hi,
We have an IPSec Tunnel between office1 and office2 to connect two Servers. We need office1 users to connect to the server in office2 using another interface instead of the IPSec Tunnel and let only the servers communicate over IPSec. How can we achieve this, if it is possible?
BR.
After creating a policy route, it is working. Is this the correct way to do it?
If you don't have to let all users/machines (including "office1 users") use the IPsec when the "another interface (MPLS or point-to-point circuit?)" goes down, that's probably the easiest way to do it.
Remember, a policy route "sticks" even when the interface goes down. So if that happens, those "office1 users" can't get to office2 over the IPsec.
If you want to control those situations more flexibly, including based on sources and destinations, you have to set up an SD-WAN zone, put both the IPsec and another interface in it as members, and set proper rules for who uses which path in what situations in more detail.
Routing protocols would work for selecting the destinations only. So if you need to control the paths based on the source users/groups, they wouldn't work.
Toshi
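The SD-WAN layout described in the reply above, as an added example that is not part of the original thread: users prefer the direct interface and fall back to IPsec, while server-to-server traffic is pinned to the tunnel. It assumes the FortiOS 6.4+ `config system sdwan` syntax; the interface names (`port3`, `to-office2`), the addresses, and the address objects (`office1-users`, `office1-server`, `office2-server`) are hypothetical placeholders that would have to exist already.

```fortios
# Constructed example: all names and addresses are placeholders.
config system sdwan
    set status enable
    config zone
        edit "office2-paths"
        next
    end
    config members
        edit 1
            # the "another interface" (e.g. MPLS or point-to-point circuit)
            set interface "port3"
            set zone "office2-paths"
            set gateway 192.0.2.2
        next
        edit 2
            # the existing IPsec tunnel interface
            set interface "to-office2"
            set zone "office2-paths"
        next
    end
    config health-check
        # probe the office2 server over both members so a dead path is detected
        edit "office2-probe"
            set server "10.2.0.10"
            set members 1 2
        next
    end
    config service
        edit 1
            set name "users-direct-then-ipsec"
            set mode manual
            set src "office1-users"
            set dst "office2-server"
            # ordered list: direct interface first, IPsec as fallback
            set priority-members 1 2
        next
        edit 2
            set name "servers-ipsec-only"
            set mode manual
            set src "office1-server"
            set dst "office2-server"
            set priority-members 2
        next
    end
end
```

SD-WAN rules only choose the path: a route to the office2 subnet through the zone and firewall policies permitting each source to the server are still required. Keeping rule 2 limited to the tunnel member means server-to-server traffic never leaves IPsec even when the direct interface is up.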
Copyright 2024 Fortinet, Inc. All Rights Reserved.